I think the major mistakes of the early Cypherpunks include the following. If we want to go forward, these problems must be solved.

(a) Informal Approach to Cryptography. The entire applied cryptography from the late 1990s to the early 2000s suffered from this problem, and we are still working hard to correct it post-Snowden. TLSv1.3 is the most recent effort to pay our debt. We should understand that, even if we can create lots of clever things by mixing and meshing different cryptographic primitives, if the cryptosystem is fundamental enough that you need to use it in serious systems, it must be formally designed and analyzed. Linux’s /dev/random works by gathering various sources of entropy and mixing them; sounds extremely secure, right? But it doesn’t have the rigorous security properties as shown by formal analysis. One may argue the design is practically secure, but for something fundamental like this, a formal approach should be used to keep it robust in all possible and impossible circumstances, just like a good symmetric cipher should resist all forms of known cryptanalysis, to ensure a strong fallback security — that even if the adversary can ask you to encrypt any data of their choice, the cipher is still unbreakable. Empiricism works well in many cases, and you can surely design cryptographic protocols and applications in this way, but one should know when it is necessary to stop and call a true cryptographer. The Signal Protocol is a good example of a well-designed and formally analyzed protocol, while Telegram is a bad one.

(b) Overemphasis on Technical Possibilities, But Not Usability. The Cypherpunks were fascinated by cryptography’s endless possibilities. As a result, they created systems in which there are hundreds of user-adjustable parameters and options. Do you want AES? Twofish? 3DES? The first one is the U.S. national standard, well-reviewed, with fast hardware implementations, but it has a relatively weak key schedule and may have a small risk of related-key attack in 256-bit mode, but related-key is not a real issue in proper encryption, and… the second one is the security guru Schneier’s cipher, years of cryptanalysis didn’t discover any flaws, and the pure software implementation is typically faster than 256-bit AES, but… Do you want SHA-1? RIPEMD-160? SHA-256? SHA-512? SHA-3? BLAKE2? SHA-1 and RIPEMD-160 are not recommended for new systems, SHA-256 is the best practice, but why don’t you use SHA-512 for additional protection? By the way, SHA-3 is not vulnerable to length-extension attacks as it’s not a Merkle–Damgård construction, and BLAKE2 is the state of the art by utilizing Daniel J. Bernstein’s ChaCha20 stream cipher… and so on, and so on, and so on… You can see this in GnuPG, where almost every aspect of encryption can be adjusted. Another example is the Mixmaster remailer, which has more than 20 parameters to control the behavior of mail forwarding. These designs clearly come from the desire to fit the personal preferences of different professional Cypherpunks, but have little actual security benefit. Instead, they greatly complicate the entire protocol and expose a large surface to attackers. On the other hand, WireGuard, an excellent VPN protocol, doesn’t allow the user to change anything. It is hard-coded to only use state-of-the-art, proven algorithms, such as ChaCha20 and Curve25519. Dreaming about the endless use-cases is another related issue; Cypherpunks spent too much time discussing them, such as trustless key management, etc. However, to bring real changes, we must have systems designed for ordinary people. A less-than-ideal encryption protocol that is simple enough for mass adoption is superior to a completely trustless protocol that is only usable by a handful of Cypherpunks. Cypherpunks may disregard these protocols for their imperfections by Cypherpunk standards, but it’s still essential to develop them, as mass adoption is crucial for Cypherpunks to succeed.

(c) Unrealistic Overconfidence in Cryptography. In Tim May’s The Crypto Anarchist Manifesto of 1992, it was announced that there will be the extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering, and that as more and more Cypherpunks decide to opt out from the conventional social order and enter cypherspace, the State can therefore be eliminated. The security of any real-life system is nowhere close to that level in the Manifesto; that it could be done in theory doesn’t mean it can be done in practice. Also, as Cory Doctorow stated, the best encryption, the fastest computers, the most open networks, will not make you comfortable living in an autocratic, corrupt state. You and your radical friends will eventually make a mistake and be rolled up by state thugs, or blacklisted, or blackmailed, or publicly discredited. To evade this all-pervading power, you have to be perfect. To defeat your evasion, the state need merely find a moment’s imperfection in your operational security. Even if your system is perfect, the human element is the weakest link; the State just needs to wait for you to make a single mistake to hunt you down. The story of the Silk Road is a good cautionary tale for us. We should continue the original vision and ideals, but also adopt a reality-based approach. To keep quoting Doctorow: The internet is a tool that can crack open a space in even the most totalitarian of regimes, a place where reformers and revolutionaries can organize, mobilize, and fight back. It’s a forum for whispering dissidence in secret and for blasting the shameful secrets of the powerful at full volume. The theory of change that goes, “We will walk away from politics and use the internet to evade state oppression” is a dead letter. It always has been. But the theory that goes, “The internet will let us organize to hold the government to account, to topple the corrupt, to rally the honorable and expose the wicked” — that theory has never been more important.

(d) “Cypherpunks Write Code!” Linus Torvalds likes to say “Talk is cheap, show me the code”. The slogan of the Cypherpunks in fact came earlier: “Cypherpunks Write Code!” The meaning is that good ideas need real implementation, not just talk. Unfortunately, the discussions of the Cypherpunks were too broad and pretty much ahead of their time; as a result, most ideas were not implemented, and the few implementations were only prototypes. Even the best software package suffers from Problem B. This is not to say that discussions are unnecessary, but we must build something for mass adoption as well. So perhaps a new slogan, “Cypherpunks Build Apps”, can be used, although “app” sounds like a corporate buzzword.

(e) Hostile Discussion Atmosphere. Cypherpunks were radicals; many are radical individualists and anarcho-capitalists, with very strong personal opinions on almost everything, and very militant. The Cypherpunk mailing list suffered from endless personal attacks and arguments from day 0. I recommend everyone read the Cypherpunk Mailing List archives to understand the situation. If we want to build a public forum, we should take all possible precautionary measures to prevent this from happening, and cooperate towards a common goal. Having an ideological civil war between democratic socialists and libertarians only helps Big Brother. We should find a way to allow diverse groups of people of different ideologies to cooperate to accomplish things, while still upholding the same core values.
+ Money and payments as locus of power
+ Naming and identity as locus of power
+ Access to cryptography as locus of power
+ Governments' appetite for electronic surveillance
+ Anonymity enabling otherwise impossible interactions
and some things that they got wrong were
- Vanguardism
- Sybils and models of public discourse
- Adaptability and resources of state actors
- Software vulnerability
- Decentralization is consistently expensive (in many different ways) and few people have agreed that they need it
- Extreme technical fragility of anonymity (deanonymization, correlations, uniqueness of items in high-dimensional datasets, stylometry and behavioral uniqueness)
(This is not meant to suggest that the cypherpunks didn't talk or think about these issues, just that they tended to underestimate how big a challenge they would represent.)